[Bug 38775] 64-bit Planetside 2 crashes on startup (stack pointer (RSP) must be 16-byte aligned when making a call to Win64 API)
wine-bugs at winehq.org
Wed Jun 24 18:04:43 CDT 2015
https://bugs.winehq.org/show_bug.cgi?id=38775
Anastasius Focht <focht at gmx.net> changed:
What       | Removed                                                        | Added
-----------+----------------------------------------------------------------+----------------------------------------------------------------
Status     | UNCONFIRMED                                                    | RESOLVED
URL        | https://www.planetside2.com/register                           | https://launch.soe.com/installer/PS2_setup.exe
CC         |                                                                | focht at gmx.net
Resolution | ---                                                            | DUPLICATE
Summary    | Planetside 2 64bit: crash on launch in NtProtectVirtualMemory  | 64-bit Planetside 2 crashes on startup (stack pointer (RSP) must be 16-byte aligned when making a call to Win64 API)
--- Comment #5 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
confirming.
Dupe of bug 27680
--- snip ---
Unhandled exception: page fault in 64-bit code (0x00007f25a6440ca9).
Register dump:
 rip:00007f25a6440ca9 rsp:000000000022f9c8 rbp:000000000022fba8 eflags:00010202 (   R- --  I   - - - )
 rax:000000007b86f420 rbx:00007f25a6688ce0 rcx:ffffffffffffffff rdx:000000000022fc10
 rsi:0000000140bad8b4 rdi:0000000143a924ec  r8:000000000022fc18  r9:0000000000000040 r10:0000000000000008
 r11:0000000000000246 r12:000000007bf00d10 r13:00007ffd61968940 r14:0000000000000000 r15:0000000000000000
...
Backtrace:
=>0 0x00007f25a6440ca9 NtProtectVirtualMemory+0xd(process=0x22fc08, addr_ptr=0x22fc10, size_ptr=0x40, new_prot=0x22fc68, old_prot=0x22fc68) [/home/focht/projects/wine/wine.repo/src/dlls/ntdll/virtual.c:2155] in ntdll (0x000000000022fba8)
  1 0x000000007b8ef2a7 VirtualProtectEx+0x45(process=0xffffffffffffffff, addr=0x144938800, size=0x35, new_prot=0x40, old_prot=0x22fc68) [/home/focht/projects/wine/wine.repo/src/dlls/kernel32/virtual.c:238] in kernel32 (0x000000000022fbf8)
  2 0x000000007b8ef25f VirtualProtect+0x44(addr=0x144938800, size=0x35, new_prot=0x40, old_prot=0x22fc68) [/home/focht/projects/wine/wine.repo/src/dlls/kernel32/virtual.c:214] in kernel32 (0x000000000022fc38)
  3 0x0000000140bad952 in planetside2_x64 (+0xbad951) (0x000000000022fd20)
  4 0x0000000144938800 in planetside2_x64 (+0x49387ff) (0x000000000022fd20)
0x00007f25a6440ca9 NtProtectVirtualMemory+0xd
[/home/focht/projects/wine/wine.repo/src/dlls/ntdll/virtual.c:2155] in ntdll:
2155 {
Modules:
Module Address Debug info Name (96 modules)
PE 230000- 416000 Deferred physx3common_x64
PE 420000- 4b7000 Deferred physx3cooking_x64
PE 4c0000- 858000 Deferred physx3_x64
PE 860000- 8c6000 Deferred physx3characterkinematic_x64
PE 3b400000- 3b422000 Deferred steam_api64
ELF 7a800000- 7ac51000 Deferred opengl32<elf>
\-PE 7a8a0000- 7ac51000 \ opengl32
ELF 7b800000- 7bcda000 Dwarf kernel32<elf>
\-PE 7b860000- 7bcda000 \ kernel32
ELF 7be00000- 7c103000 Deferred <wine-loader>
PE 140000000- 144938a00 Export planetside2_x64
...
Threads:
process tid prio (all id:s are in hex)
...
00000022 (D) C:\Program Files (x86)\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2_x64.exe
00000023 0 <==
--- snip ---
Unaligned memory access with SSE instruction from code at 00007F544D41CCA9
Source: dlls/ntdll/virtual.c:2155
NtProtectVirtualMemory:
--- snip ---
00007F544D41CC9C 55 push rbp
00007F544D41CC9D 48 89 E5 mov rbp,rsp
00007F544D41CCA0 57 push rdi
00007F544D41CCA1 56 push rsi
00007F544D41CCA2 48 81 EC D0 01 00 00 sub rsp,1D0
00007F544D41CCA9 0F 29 B5 50 FF FF FF movaps dqword ptr ss:[rbp-B0],xmm6
00007F544D41CCB0 0F 29 BD 60 FF FF FF movaps dqword ptr ss:[rbp-A0],xmm7
00007F544D41CCB7 44 0F 29 85 70 FF FF FF movaps dqword ptr ss:[rbp-90],xmm8
00007F544D41CCBF 44 0F 29 4D 80 movaps dqword ptr ss:[rbp-80],xmm9
00007F544D41CCC4 44 0F 29 55 90 movaps dqword ptr ss:[rbp-70],xmm10
00007F544D41CCC9 44 0F 29 5D A0 movaps dqword ptr ss:[rbp-60],xmm11
00007F544D41CCCE 44 0F 29 65 B0 movaps dqword ptr ss:[rbp-50],xmm12
00007F544D41CCD3 44 0F 29 6D C0 movaps dqword ptr ss:[rbp-40],xmm13
00007F544D41CCD8 44 0F 29 75 D0 movaps dqword ptr ss:[rbp-30],xmm14
00007F544D41CCDD 44 0F 29 7D E0 movaps dqword ptr ss:[rbp-20],xmm15
00007F544D41CCE2 48 89 4D 10 mov qword ptr ss:[rbp+10],rcx
00007F544D41CCE6 48 89 55 18 mov qword ptr ss:[rbp+18],rdx
00007F544D41CCEA 4C 89 45 20 mov qword ptr ss:[rbp+20],r8
00007F544D41CCEE 44 89 4D 28 mov dword ptr ss:[rbp+28],r9d
...
--- snip ---
To check that Wine isn't at fault here, we traverse the caller chain back.
Just in case someone notices the prolog code (unrelated to this bug): I've been
running '-fno-PIC' Wine builds for some time now with good results.
Source: dlls/kernel32/virtual.c:237
VirtualProtectEx:
--- snip ---
000000007B8EF261 55 push rbp
000000007B8EF262 48 89 E5 mov rbp,rsp
000000007B8EF265 48 83 EC 40 sub rsp,40
000000007B8EF269 48 89 4D 10 mov qword ptr ss:[rbp+10],rcx
000000007B8EF26D 48 89 55 18 mov qword ptr ss:[rbp+18],rdx
000000007B8EF271 4C 89 45 20 mov qword ptr ss:[rbp+20],r8
000000007B8EF275 44 89 4D 28 mov dword ptr ss:[rbp+28],r9d
000000007B8EF279 44 8B 45 28 mov r8d,dword ptr ss:[rbp+28]
000000007B8EF27D 48 8D 4D 20 lea rcx,qword ptr ss:[rbp+20]
000000007B8EF281 48 8D 45 18 lea rax,qword ptr ss:[rbp+18]
000000007B8EF285 48 8B 55 30 mov rdx,qword ptr ss:[rbp+30]
000000007B8EF289 48 89 54 24 20 mov qword ptr ss:[rsp+20],rdx
000000007B8EF28E 45 89 C1 mov r9d,r8d
000000007B8EF291 49 89 C8 mov r8,rcx
000000007B8EF294 48 89 C2 mov rdx,rax
000000007B8EF297 48 8B 4D 10 mov rcx,qword ptr ss:[rbp+10]
000000007B8EF29B 48 B8 20 F4 86 7B 00 00 0 mov rax,<NtProtectVirtualMemory>
000000007B8EF2A5 FF D0 call rax
...
--- snip ---
Source: dlls/kernel32/virtual.c:213
VirtualProtect:
--- snip ---
000000007B8EF21A 55 push rbp
000000007B8EF21B 48 89 E5 mov rbp,rsp
000000007B8EF21E 48 83 EC 30 sub rsp,30
000000007B8EF222 48 89 4D 10 mov qword ptr ss:[rbp+10],rcx
000000007B8EF226 48 89 55 18 mov qword ptr ss:[rbp+18],rdx
000000007B8EF22A 44 89 45 20 mov dword ptr ss:[rbp+20],r8d
000000007B8EF22E 4C 89 4D 28 mov qword ptr ss:[rbp+28],r9
000000007B8EF232 8B 4D 20 mov ecx,dword ptr ss:[rbp+20]
000000007B8EF235 48 8B 55 18 mov rdx,qword ptr ss:[rbp+18]
000000007B8EF239 48 8B 45 28 mov rax,qword ptr ss:[rbp+28]
000000007B8EF23D 48 89 44 24 20 mov qword ptr ss:[rsp+20],rax
000000007B8EF242 41 89 C9 mov r9d,ecx
000000007B8EF245 49 89 D0 mov r8,rdx
000000007B8EF248 48 8B 55 10 mov rdx,qword ptr ss:[rbp+10]
000000007B8EF24C 48 C7 C1 FF FF FF FF mov rcx,FFFFFFFFFFFFFFFF
000000007B8EF253 48 B8 61 F2 8E 7B 00 00 . mov rax,<VirtualProtectEx>
000000007B8EF25D FF D0 call rax
000000007B8EF25F C9 leave
000000007B8EF260 C3 ret
--- snip ---
The (broken) caller:
--- snip ---
0000000140BAD8BD 56 push rsi
0000000140BAD8BE 57 push rdi
0000000140BAD8BF 9C pushfq
0000000140BAD8C0 48 83 EC 38 sub rsp,38
0000000140BAD8C4 FC cld
0000000140BAD8C5 B8 01 00 00 00 mov eax,1
0000000140BAD8CA B9 FF FF 00 00 mov ecx,FFFF
0000000140BAD8CF E0 FE loopne 140BAD8CF
0000000140BAD8D1 FF C8 dec eax
0000000140BAD8D3 83 F8 00 cmp eax,0
0000000140BAD8D6 75 F2 jnz 140BAD8CA
0000000140BAD8D8 48 B9 35 88 93 44 01 00 .. mov rcx,144938835 ; kernel32.dll
0000000140BAD8E2 48 BF F4 24 A9 43 01 00 .. mov rdi,<&LoadLibraryA>
0000000140BAD8EC FF 17 call qword ptr ds:[rdi]
0000000140BAD8EE 48 BA 42 88 93 44 01 00 .. mov rdx,144938842 ; VirtualProtect
0000000140BAD8F8 48 BF EC 24 A9 43 01 00 .. mov rdi,<&GetProcAddress>
0000000140BAD902 48 8B C8 mov rcx,rax
0000000140BAD905 FF 17 call qword ptr ds:[rdi]
0000000140BAD907 57 push rdi
0000000140BAD908 4C 8B CC mov r9,rsp
0000000140BAD90B 49 C7 C0 40 00 00 00 mov r8,40
0000000140BAD912 48 C7 C2 A8 00 00 00 mov rdx,A8
0000000140BAD919 48 B9 B4 D8 BA 40 01 00 .. mov rcx,140BAD8B4
0000000140BAD923 40 50 push rax
0000000140BAD925 48 83 EC 20 sub rsp,20
0000000140BAD929 FF D0 call rax ; VirtualProtect
0000000140BAD92B 48 83 C4 20 add rsp,20
0000000140BAD92F 40 58 pop rax
0000000140BAD931 4C 8B CC mov r9,rsp
0000000140BAD934 49 C7 C0 40 00 00 00 mov r8,40
0000000140BAD93B 48 C7 C2 35 00 00 00 mov rdx,35
0000000140BAD942 48 B9 00 88 93 44 01 00 .. mov rcx,144938800
0000000140BAD94C 48 83 EC 20 sub rsp,20
0000000140BAD950 FF D0 call rax ; VirtualProtect
0000000140BAD952 48 83 C4 20 add rsp,20
0000000140BAD956 5F pop rdi
0000000140BAD957 E9 A4 AE D8 03 jmp 144938800
...
--- snip ---
At the time the call instruction executes, the stack has to be 16-byte aligned.
ProtectionID scan:
--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> C:\Program Files (x86)\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2_x64.exe
File Type : 64-Bit Exe (Subsystem : Win GUI / 2), Size : 73962496 (04689400h) Byte(s)
Compilation TimeStamp : 0x5588CE6A -> Tue 23rd Jun 2015 03:11:38 (GMT)
[TimeStamp] 0x5588CE6A -> Tue 23rd Jun 2015 03:11:38 (GMT) | PE Header | - | Offset: 0x00000000:00000150 | VA: 0x00000001:40000150 | -
[TimeStamp] 0x5588CE6A -> Tue 23rd Jun 2015 03:11:38 (GMT) | Export | - | Offset: 0x00000000:03383824 | VA: 0x00000001:43385024 | -
[TimeStamp] 0x5588CE6A -> Tue 23rd Jun 2015 03:11:38 (GMT) | DebugDirectory | - | Offset: 0x00000000:02B555E4 | VA: 0x00000001:42B56DE4 | -
[!] Executable uses TLS callbacks (3 total... 0 invalid addresses)
[File Heuristics] -> Flag #1 : 00000100000001111100000100000000 (0x0407C100)
[Entrypoint Section Entropy] : 7.89 (section #0) ".text " | Size : 0x27CB400 (41726976) byte(s)
[DllCharacteristics] -> Flag : (0x8100) -> DEP | TSA
[SectionCount] 10 (0xA) | ImageSize 0x4938A00 (76777984) byte(s)
[Export] 100% of function(s) (76 of 76) are in file | 0 are forwarded | 76 code | 0 data | 0 uninit data | 0 unknown |
[VersionInfo] Company Name : Daybreak Game Company. LLC
[VersionInfo] Product Name : PlanetSide 2 ("Stage")
[VersionInfo] Product Version : 1.0.236.325612
[VersionInfo] File Description : PlanetSide 2 Play Client
[VersionInfo] File Version : 1.0.236.325612
[VersionInfo] Legal Copyrights : Copyright (C) 2015 Daybreak Game Company. LLC
[Debug Info] (record 1 of 1) (file offset 0x2B555E0)
Characteristics : 0x0 | TimeDateStamp : 0x5588CE6A (Tue 23rd Jun 2015 03:11:38 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x69 (105)
AddressOfRawData : 0x2F70F98 | PointerToRawData : 0x2F6F798
CvSig : 0x53445352 | SigGuid FAA29C1F-2E3F-40F0-9924FBC6386D6655
Age : 0x2 | Pdb : C:\Dev\Planetside2\Stage\Code\Output\x64\Shipping\PlayClient\PlanetSide2_x64.pdb
[!] Steam api usage detected
[CdKeySerial] found "ActivationCode" @ VA: 0x02B99E62 / Offset: 0x02B98662
[CdKeySerial] found "Serial Number" @ VA: 0x02CBBC0C / Offset: 0x02CBA40C
[CdKeySerial] found "SerialNumber" @ VA: 0x02CBBDEE / Offset: 0x02CBA5EE
[CdKeySerial] found "Invalid code" @ VA: 0x02D56358 / Offset: 0x02D54B58
[CdKeySerial] found "Invalid code" @ VA: 0x02D563A8 / Offset: 0x02D54BA8
[CdKeySerial] found "ActivationCode" @ VA: 0x02DB6238 / Offset: 0x02DB4A38
[CdKeySerial] found "SerialNumber" @ VA: 0x02E9D8B0 / Offset: 0x02E9C0B0
[CdKeySerial] found "Serial Number" @ VA: 0x02E9E2FD / Offset: 0x02E9CAFD
[CdKeySerial] found "Serial Number" @ VA: 0x02EC0858 / Offset: 0x02EBF058
[CompilerDetect] -> Visual C++ 10.0 (Visual Studio 2010)
- Scan Took : 15.323 Second(s) [000003D3Dh (15677) tick(s)] [179 of 573 scan(s) done]
--- snip ---
$ sha1sum PS2_setup.exe
0c3eb3ec1855c676654c57e9d1e531ba9a58ad5e PS2_setup.exe
$ du -sh PS2_setup.exe
23M PS2_setup.exe
$ wine --version
wine-1.7.45-213-g4f3acf3
Regards
*** This bug has been marked as a duplicate of bug 27680 ***
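Added worked example (not part of the bug report, and not Wine's or the game's code): a small C model of the loader stub's stack bookkeeping, to show where the misaligned call in the report comes from. It transcribes only the RSP-changing instructions and the calls from the disassembly at 0x140BAD8BD above (constructed input, with pushfq treated as an 8-byte push), tracks RSP at every call, and cross-checks the result against the frame pointers and the old_prot pointer in the crash dump. The two entry RSP values fed in are assumptions chosen to cover both parities; the cross-check functions rely only on what the report shows (Wine's VirtualProtect opens with push rbp; mov rbp,rsp, and the stub passes old_prot = r9 = rsp captured before sub rsp,20). Because the stub changes its stack depth by 8 bytes between the two VirtualProtect calls (the push rdi at 0x140BAD907 is only undone after the second call), no entry alignment makes every call in it ABI-conformant.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Only the RSP-changing instructions and the calls matter for alignment.
 * CALL is a check point: the callee returns with RSP restored. */
enum op { PUSH, POP, SUB_RSP, ADD_RSP, CALL };

struct insn { enum op op; uint64_t imm; const char *text; };

/* Constructed input: transcription of the stub at 0x140BAD8BD from the
 * disassembly in the report (pushfq modelled as a PUSH). */
static const struct insn stub[] = {
    { PUSH,    0,    "push rsi" },
    { PUSH,    0,    "push rdi" },
    { PUSH,    0,    "pushfq" },
    { SUB_RSP, 0x38, "sub rsp,38" },
    { CALL,    0,    "call LoadLibraryA" },
    { CALL,    0,    "call GetProcAddress" },
    { PUSH,    0,    "push rdi" },
    { PUSH,    0,    "push rax" },
    { SUB_RSP, 0x20, "sub rsp,20" },
    { CALL,    0,    "call VirtualProtect (1st)" },
    { ADD_RSP, 0x20, "add rsp,20" },
    { POP,     0,    "pop rax" },
    { SUB_RSP, 0x20, "sub rsp,20" },
    { CALL,    0,    "call VirtualProtect (2nd)" },
    { ADD_RSP, 0x20, "add rsp,20" },
    { POP,     0,    "pop rdi" },
};
#define STUB_LEN (sizeof stub / sizeof stub[0])
#define MAX_CALLS 8

/* Win64 ABI: RSP must be a multiple of 16 when the call instruction executes. */
int rsp_is_aligned(uint64_t rsp) { return (rsp & 0xf) == 0; }

/* Walk the stub from entry_rsp; store RSP at each call; return the call count. */
size_t trace_calls(uint64_t entry_rsp, uint64_t *rsp_at_call, size_t max)
{
    uint64_t rsp = entry_rsp;
    size_t ncalls = 0;
    for (size_t i = 0; i < STUB_LEN; i++) {
        switch (stub[i].op) {
        case PUSH:    rsp -= 8; break;
        case POP:     rsp += 8; break;
        case SUB_RSP: rsp -= stub[i].imm; break;
        case ADD_RSP: rsp += stub[i].imm; break;
        case CALL:
            if (ncalls < max) rsp_at_call[ncalls] = rsp;
            ncalls++;
            break;
        }
    }
    return ncalls;
}

/* RSP at the n-th call (0-based) for a given entry RSP; 0 if there is none. */
uint64_t rsp_at_nth_call(uint64_t entry_rsp, size_t n)
{
    uint64_t at[MAX_CALLS] = {0};
    size_t ncalls = trace_calls(entry_rsp, at, MAX_CALLS);
    return (n < ncalls && n < MAX_CALLS) ? at[n] : 0;
}

/* Number of calls in the stub made with a misaligned RSP. */
size_t misaligned_calls(uint64_t entry_rsp)
{
    uint64_t at[MAX_CALLS] = {0};
    size_t ncalls = trace_calls(entry_rsp, at, MAX_CALLS), bad = 0;
    for (size_t i = 0; i < ncalls && i < MAX_CALLS; i++) bad += !rsp_is_aligned(at[i]);
    return bad;
}

/* Cross-check 1: the callee opens with "push rbp; mov rbp,rsp", so the caller's
 * RSP at the call is the callee's rbp + 8 (saved rbp) + 8 (return address). */
uint64_t caller_rsp_from_callee_rbp(uint64_t callee_rbp) { return callee_rbp + 16; }

/* Cross-check 2: the stub passes old_prot = r9 = RSP captured before "sub rsp,20". */
uint64_t caller_rsp_from_old_prot(uint64_t old_prot) { return old_prot - 0x20; }

/* Store address of the faulting "movaps [rbp-disp],xmmN" in the callee prolog. */
uint64_t movaps_target(uint64_t rbp, uint64_t disp) { return rbp - disp; }

int main(void)
{
    /* Assumed entry RSP values, one of each parity (not taken from the dump). */
    uint64_t entries[2] = { 0x22fcc0, 0x22fcc8 };
    for (int e = 0; e < 2; e++) {
        uint64_t at[MAX_CALLS] = {0};
        size_t n = trace_calls(entries[e], at, MAX_CALLS), c = 0;
        printf("entry rsp=%#llx\n", (unsigned long long)entries[e]);
        for (size_t i = 0; i < STUB_LEN && c < n; i++) {
            if (stub[i].op != CALL) continue;
            printf("  %-26s rsp=%#llx %s\n", stub[i].text, (unsigned long long)at[c],
                   rsp_is_aligned(at[c]) ? "ok" : "MISALIGNED");
            c++;
        }
    }
    printf("caller rsp from VirtualProtect rbp=0x22fc38: %#llx\n",
           (unsigned long long)caller_rsp_from_callee_rbp(0x22fc38));
    printf("caller rsp from old_prot=0x22fc68:          %#llx\n",
           (unsigned long long)caller_rsp_from_old_prot(0x22fc68));
    printf("movaps [rbp-0xB0] with rbp=0x22fba8 hits   %#llx (%s)\n",
           (unsigned long long)movaps_target(0x22fba8, 0xB0),
           rsp_is_aligned(movaps_target(0x22fba8, 0xB0)) ? "aligned" : "misaligned, #GP");
    return 0;
}
```

With an entry RSP ending in 0 only the second VirtualProtect call is misaligned, and that is the call the backtrace points at: VirtualProtect's frame pointer 0x22fc38 puts the caller's RSP at 0x22fc48 when the call executed, old_prot=0x22fc68 minus the 0x20 of shadow space gives the same 0x22fc48, and the NtProtectVirtualMemory prolog then stores xmm6 at rbp-0xB0 = 0x22faf8, which is 8 mod 16, so movaps raises #GP. Windows gets away with the same stub only because the real kernel32/ntdll entry points for these functions do not spill XMM registers with aligned stores in their prologs; a callee that does, or any compiler-generated code that assumes the ABI, faults exactly like Wine does here.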